No — employees are not your weakest link.

I just read a remarkable study by Mel Slater, a virtual reality researcher at the University of Barcelona. When people were virtually embodied as Albert Einstein in VR, they performed better on cognitive testing than when embodied as a random person.

Think about what this means for employees’ performance on security-related tasks before you adopt the mantra “employees are the weakest link.”

Interestingly, the same authors published a similar study showing that when subjects were embodied in VR with a Black virtual body, it led to a sustained reduction in their implicit racial bias.

One takeaway for CISOs: instead of doing more “phishing simulation” for employees, we should be doing more “employee simulation” for security teams. ❤️

Character from the movie “Arrival” wearing a protective suit, holding a sign reading “Human”